There is an increasing need to scan the payloads of packets, in addition to or instead of scanning packet headers, to detect patterns in the data contained in the packets. Applications of this approach, generally referred to as deep-packet examination, may include worm and virus scanning, augmented intrusion detection, context- and/or protocol-aware firewalling, information protection, load balancing, or delivering network services on demand.
Since packets may be, and frequently are, received out of order, it can be particularly challenging to detect patterns that are fragmented across packets. Reassembly of the packet sequence at the point of examination to aid in detecting fragmented patterns presents significant memory and/or processing burdens, particularly when the number of flows to be monitored is potentially very large.